Call abort() if NSS cannot read from /dev/urandom.

nss/lib/freebl/unix_rand.c

Index: nss/lib/freebl/unix_rand.c
===================================================================
--- nss/lib/freebl/unix_rand.c	(revision 204056)
+++ nss/lib/freebl/unix_rand.c	(working copy)
@@ -918,6 +918,16 @@
     || defined(HPUX)
     if (bytes)
         return;
+
+    /*
+     * Modified to abort the process if it failed to read from /dev/urandom.
+     *
+     * See crbug.com/244661 for details.
+     */
+    fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
+            "Abort process.\n", __FILE__, __LINE__);
+    fflush(stderr);
+    abort();
 #endif
 
 #ifdef SOLARIS
@@ -968,9 +978,8 @@
     /* suppress valgrind warnings due to holes in struct stat */
     memset(&stat_buf, 0, sizeof(stat_buf));
 
-    if (stat((char *)fileName, &stat_buf) < 0)
-	return fileBytes;
-    RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));
+    if (stat((char *)fileName, &stat_buf) == 0)
+	RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));

[wtc, 2013/06/10 19:39:37]

This change is required only if we don't have the file-read-metadata
permission for /dev/urandom.  See https://codereview.chromium.org/16748002/

My preference is to allow file-read-metadata for /dev/urandom.

     
     file = fopen((char *)fileName, "r");
     if (file != NULL) {
@@ -1132,7 +1141,15 @@
 
     file = fopen("/dev/urandom", "r");
     if (file == NULL) {
-	return rng_systemFromNoise(dest, maxLen);
+	/*
+	 * Modified to abort the process if it failed to read from /dev/urandom.
+	 *
+	 * See crbug.com/244661 for details.
+	 */
+	fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
+			"Abort process.\n", __FILE__, __LINE__);
+	fflush(stderr);
+	abort();
     }
     while (maxLen > fileBytes) {
 	bytes = maxLen - fileBytes;